I have found a new rogue security program called WindoFix ([url=http://www.windofix.com/]link here[/url]). I discovered it while going through their website's [url=http://www.siteadvisor.com/sites/windofix.com]page on SiteAdvisor[/url], where a user called roger_m continually defends WindoFix. At the moment, the site is still rated green.

Why do I suspect this program to be rogue?

*It has the usual signs of a rogue program's webpage: use of scareware tactics, fake testimonials, an [url=http://www.windofix.com/aff/]affiliate program[/url] on their webpage, and a high price tag to buy the program of $37.99 ("LIMITED TIME OFFER"; "50% off the retail price").
*The trial does a free scan, but won't remove anything.
*Reports of false positives from SiteAdvisor users.
*Links from SA users that prove WindoFix's website is on malware blacklists.
*WOT [url=http://www.mywot.com/en/scorecard/windofix.com]rates the site red[/url].
*I am unable to launch the installer under Sandboxie; an error pops up, saying "The system cannot find the file specified." However, the installer launches up fine unsandboxed.
*Again, the presence of roger_m on SA aggressively defending WindoFix.

Even though VirusTotal and Jotti.org shows that no antivirus vendor's program detects it at the moment. Because this is my home computer, and I am unable to run the WindoFix installer sandboxed, I do not want to test the program unsandboxed; would anyone like to verify that this program is in fact rogue?

Well to start with WindoFix is a registry cleaner, not what I would really consider a 'security' program.

The laughable 'argument' at SiteAdvisor consists of one user who appears to have actually tested the program and found it harmless but fairly useless, and several others (including one called FlyingPenguins) who haven't tested it, quote sources that provide no real evidence for their belief that it is a rogue, and in some cases indulge in personal attacks when they are called out on this.

FWIW at the time of wriing SiteAdvisor still lists WindoFix.com as green (no significant problems), not that I have any great faith in a site rating from MacAffee.

Thanks for the post aBenG. The OP seems to have some axe to grind with this program going by the posts at SiteAdvisor.

I'll move this to the General Software discussion forum since it's not a security app.

If we were updating the rogues page here (which we are not) this app would not be listed because it's not an anti-spyware or anti-malware app. Also we never listed any apps based on hearsay. Everthing listed was meticulously tested and documented._________________Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn.

No, I'm not a spammer... why would I be reporting rogue software here if I were?

Yes, I am the same FlyingPenguins from SiteAdvisor. Gotta love SiteAdvisor for keeping a site green even though most trusted users that have commented on the site/program rated it red. The problem with trying to test the program myself is that am unable to do so under a sandbox (read my first post) - the installer won't even run in a sandbox. I would rather not test the program under non-sandboxed conditions on my home computer, even if the Virustotal results show the program will not harm my computer.

I would now have to agree that it's not a "true" rogue security program, and that it wouldn't be posted on the Spyware Warrior List. (Also, sorry for linking to the rogue sites... I thought this was normally allowed on this forum.) But you can't blame a guy for trying (in a futile effort) to expose one rogue program out of possibly thousands of rogues, eh?

To aBenG: That link to the Blogspot blog seems rather shady, and I wouldn't trust it, even given the negative review for WindoFix on that site; it does, however, gives positive reviews to numerous other rogue security programs.

No, I'm not a spammer... why would I be reporting rogue software here if I were?

Spammers use many tricks to get us to think their posts are not spam. It's the links that cause suspicion.

Quote:

I would now have to agree that it's not a "true" rogue security program, and that it wouldn't be posted on the Spyware Warrior List. (Also, sorry for linking to the rogue sites... I thought this was normally allowed on this forum.) But you can't blame a guy for trying (in a futile effort) to expose one rogue program out of possibly thousands of rogues, eh?

Well, it's not even a security program, so not sure why you call it that. There are lots of crappy registry cleaners around, but just because they are crappy, doesn't make them rogues IMO.

I'm a lot more worried about the real rogues that are downloaded by trojans through exploits and try to extort money from uneducated users._________________Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn.

It looks like whoever runs that blog is a ClickBank affiliate, so not really a source I would take seriously either.
If you hover your cursor over the link to Windofix, you can see the ClickBank affilate ID._________________Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn.

That link to the Blogspot blog seems rather shady, and I wouldn't trust it

Do disable the link please Suzi if it's dodgy!

Honestly based on the info available for this program I wouldn't trust any review sites. That was simply the most legible of the various paraphases of the exact same review (down to the order of phrasing and number of errors found) given on different review sites by (hoho) different reviewers. Every other 'review' I found was advertising/descriptions from dl sites.

I fully expect that WindoFix is at best an average tool, but until it is found to be unloading malware it's not a rogue in my book, just another unneccesary low grade commercial prog._________________Inperfect.

I'm a lot more worried about the real rogues that are downloaded by trojans through exploits and try to extort money from uneducated users.

aBenG wrote:

I fully expect that WindoFix is at best an average tool, but until it is found to be unloading malware it's not a rogue in my book, just another unneccesary low grade commercial prog.

Those arguments seem fair enough to me.

And to be honest, I do trust WOT more than SiteAdvisor nowadays, mainly because of these problems with false positives/negatives, though I do have both of these installed on my browser concurrently, for extra security.

If we were updating the rogues page here (which we are not) this app would not be listed because it's not an anti-spyware or anti-malware app. Also we never listed any apps based on hearsay. Everthing listed was meticulously tested and documented.

My impression is the following:
1. It's just one of those phony applications promoted via Clickbank.
2. Search results suggest, whenever someone does call this application rogue, the arguments boil down to false analogies and hearsay.

Rating systems are doomed to fail, whenever they are solely based on comments about subjects the participating users have no expertise in. Without facts, however, ratings are prone to arbitrary subjective criteria and these are incompatible with a "lawsuit proof" determination of an application's characteristics. Therefore, unless FlyingPenguins can point out some hard facts (for example logs that demonstrate how a test system was converted to a spam zombie, "elite proxy" or local ad-server), I'd consider this application as legitimate.

I*Again, the presence of roger_m on SA aggressively defending WindoFix.

I would hardly say that I am aggressively defending it. I have just pointing out that personally I have tested it and found to be safe. And rouge or not, this a registry cleaner and not a security program.

It did nothing at malicious on my computer when installed and ran it.

My opinion reflect that of the other posters on this thread - that it should not be deemed to be a rogue or malware unless there is actual evidence to support this.

Someone saying that is is bad with no actual document evidence of what "bad" things it does can not be counted as a valid opinion.

FlyingPenguins wrote:

I do not want to test the program unsandboxed; would anyone like to verify that this program is in fact rogue?

I have done this, and don't consider it to be a rogue.

Just another one of ever increasing number of registry cleaners. This one appeard to give no false posatives unlike the majority of such programs, but as usual cleanining the registry usually won't provide any benefit.

As an abstract, the statement would boil down to the following:
I don't like A. Therefore, everything A does or mentions is suspicious.

That does not exactly look like an argument a reasonably sane and intelligent person would even consider using for making decisions. I even start to wonder whether the only purpose of registration was to attack roger_m and what online identity "FlyingPenguins" had prior to this thread.

Observations:
- Nothing suspicious found in EULA.
- Scan speeds were very sluggish; it was quick at the beginning, before starting to scan very slowly around the 8000 key mark; it was going 1 key per second around the 10,500 mark; but became very quick again from ~15,000 keys to the end. In total, the scan took around 15-20 minutes.
- The program detected 479 errors; seems like a legit amount to me, as I had done a CCleaner registry sweep right before the WindoFix scan.
- Scan results do not actually show the keys that should be fixed, only the number of problems.
- The trial removes nothing unless you buy the program.

In conclusion: WindoFix seems like a mediocre program at best. However, while it does use some rather shady techniques to advertise (high rates for becoming an affiliate, and a trial that doesn't remove anything), it does seem like it actually goes through my registry, looking for bad keys and values.

My apologies to Roger for previously stating that WindoFix was not at all legit. I was pretty suspicious of why you were defending an unknown piece of software so greatly on SiteAdvisor though.

I even start to wonder whether the only purpose of registration was to attack roger_m and what online identity "FlyingPenguins" had prior to this thread.

My intention was not to do a personal attack on roger_m, but rather to investigate the program because of Roger refuting any negative comment on SA.

And that can't be done without ad hominem attacks? Trying to stigmatise roger_m because of his refusal to accept non-arguments (see above) was totally uncalled for in my opinion.

Quote:

I've done a test of WindoFix on my computer, unsandboxed. Here are the results.
[snip]

Thanks. I think this is the way your post should have look like from the start.

Quote:

WindoFix seems like a mediocre program at best. However, while it does use some rather shady techniques to advertise (high rates for becoming an affiliate, and a trial that doesn't remove anything), it does seem like it actually goes through my registry, looking for bad keys and values.

I disagree with your definition of the term "shady". Neither high affiliate rates nor a trial that does not remove anything are signs of shady business practices. One may well argue whether affiliate marketing in itself is problematic (especially with unscrupulous spammers as business partners), but even this cannot be attributed to WindoFix alone. And as you yourself admit, it does not seem to create fictitious problems, leave potentially unwanted components or generate nag screens that would qualify as shady business practices.

Quote:

My apologies to Roger for previously stating that WindoFix was not at all legit. I was pretty suspicious of why you were defending an unknown piece of software so greatly on SiteAdvisor though.

This is not what I consider an honest apology, because it does not address the actual problem. Let's go back to the original post:

Quote:

Why do I suspect this program to be rogue?

It has the usual signs of a rogue program's webpage: use of scareware tactics, fake testimonials, an (url=http://www.windofix.com/aff/)affiliate program(/url) on their webpage, and a high price tag to buy the program of $37.99 ("LIMITED TIME OFFER"; "50% off the retail price").

The trial does a free scan, but won't remove anything.

Reports of false positives from SiteAdvisor users.

Links from SA users that prove WindoFix's website is on malware blacklists.

WOT (url=http://www.mywot.com/en/scorecard/windofix.com)rates the site red(/url).

I am unable to launch the installer under Sandboxie; an error pops up, saying "The system cannot find the file specified." However, the installer launches up fine unsandboxed.

Again, the presence of roger_m on SA aggressively defending WindoFix.

(emphasis and formatting mine)

To me, adding the statement about roger_m to the list of indicators borders on libel, because it implies that roger_m systematically gives his ok to rogue applications. Since you apologised for your wrong suspicion about WindoFix, this means that your accusation of roger_m being an indicator for possible rogue software still stands.

I disagree with your definition of the term "shady". Neither high affiliate rates nor a trial that does not remove anything are signs of shady business practices. One may well argue whether affiliate marketing in itself is problematic (especially with unscrupulous spammers as business partners), but even this cannot be attributed to WindoFix alone. And as you yourself admit, it does not seem to create fictitious problems, leave potentially unwanted components or generate nag screens that would qualify as shady business practices.

First of all, a 75% affiliate commission rate seems far out of the norm. A rate that high wouldn't raise suspicion to you at first glance? While high affiliate rates for a program are not a definite sign of it being rogue, it generally is a sign. Here are some examples that I looked up from known antimalware vendors:
- Trend Micro: 25%
- Kaspersky: 20%
- ESET: 18%
- Norton: 13-25%
- Sunbelt: 30%
- Webroot: up to 50% (up to is the key word)
Secondly, a trial that will not remove anything at all (versus a registry cleaner trial that removes up to a certain number of bad keys, or is time-limited) is generally a sign of shady business practices...

olliver wrote:

To me, adding the statement about roger_m to the list of indicators borders on libel, because it implies that roger_m systematically gives his ok to rogue applications. Since you apologised for your wrong suspicion about WindoFix, this means that your accusation of roger_m being an indicator for possible rogue software still stands.

Well, previously, having seen roger_m's posts on SA in which he greened WindoFix and a number of other questionable (at least to me) security/utility programs, it seemed to me that WindoFix was rogue enough to employ someone to defend their program, and the like, on the Internet. For that accusation, I apologise to roger_m. I now understand that roger_m takes a similar stance on these types of "not-at-all-good-but-not-quite-rogue-either" types programs as other members of the Spyware Warrior forums: leave 'em alone unless they show false positives, install adware/spyware, or is installed through exploits or other malicious means; in which case they should be dealt with harshly, which (now) seems reasonable.

Thanks for all the support guys, it i nice to be able to come here where there are people who want to have an informed discussion.

However the reason I'm posting here also is to announce that I have been permanently banned from SiteAdvisor.
why have I been banned well the following explanation is a good example in my opinion of the standard of postings in general there:

"You have been banned for the following reason:
None

Date the ban will be lifted: Never"

I mean why give a reason, lots of "experienced" reviewers there will rate a site as red without giving any explanation. Often too they will rate a site as red because one of the other siteadvisor type sites such as MyWOT has users giving the site a red rating. (other sites are typically quicker to rate sites than SiteAdvisor)

Usuall there is absoultely no evidence to support the claims people make about websites, but this does not stop people with their enthusiasm to rate sites red greatly exceeding their knowlege of spyware or rogue websites and software posting sites as red - becuase other people think it is "bad" therefore it must be "bad". Not the greatest of logic there!

I will admit I have continually aruged with experienced reviews at SiteAdvisor and ocassionally made fun of them too (it seems some people have no sense of humor these days, hence my ban). But I must point out it has always been with a reason. If I find a website or software on a website to be safe I will give it a green rating. Now these were often not highly trusted and respected software vendos, but every program I said was clean I had tested extensively.

However as soon as I would give a website a green rating, some users would immediatley come to the wrong conclusion that by raiting the site as green I was promotig the website and the software on it. I would refute these claims, and say that by testing the software on the site, they would more than likely too come to the same conclusion as me. But these self proclaimed "experts" quite simpply refused to do this no matter how many times I asked, and instead would continually post links which said the software was "bad" or dangerous, but NEVER giving any actual evidence of this.

Since I've been banned all my posts have been deleted.

Also some users claimed by repuation score at SiteAdvisor was as low as -15 which I find strange as my posts and my profile page showed my rating as 0!